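---
# Deploy OpenBao SSH user CA trust and per-user auth_principals.
#
# Prerequisite: railiance-platform openbao-configure-ssh (exports CA pubkey).
#
# cd ~/railiance-platform
# OPENBAO_TOKEN_FILE=~/.local/openbao/platform-admin.token \
# OPENBAO_SSH_CA_PUBKEY_OUT=/tmp/openbao-ssh-ca.pub \
# make openbao-configure-ssh
#
# cd ~/railiance-infra
# make bootstrap-ssh-ca SSH_CA_PUBKEY=/tmp/openbao-ssh-ca.pub
#
# NOTE(review): the file passed as SSH_CA_PUBKEY becomes the user-certificate
# trust anchor on every targeted host. /tmp is shared and world-writable, so
# on a multi-user machine prefer an output path inside a directory only the
# operator can write to, and compare `ssh-keygen -l -f <pubkey file>` with the
# fingerprint of the CA key OpenBao reports before running bootstrap-ssh-ca.
# NOTE(review): the platform-admin token file should be readable by its owner
# only (mode 0600); it is used only by the prerequisite step, not by this play.

- name: Deploy OpenBao SSH user CA trust and per-user auth_principals
  # Applies to every host in the inventory; pass --limit to ansible-playbook
  # for a staged rollout (whether the make target already does so is not
  # visible from this file).
  hosts: all
  # Tasks run with privilege escalation; presumably the role writes sshd
  # configuration that only root may change -- confirm in the role.
  become: true
  vars_files:
    # Resolved relative to this playbook's directory. Presumably holds the
    # user-to-principal mapping named in the header; it decides who may log
    # in as whom, so changes to it deserve the same review as the CA key.
    - ../inventory/ssh_principals.yaml
  roles:
    - role: ssh_ca_host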